On November 21, the FABEN OB/GYN practice in Florida got infected with GandCrab ransomware. They do not disclose how that happened, but the problem was detected quickly. To mitigate any damage or risk, FABEN decided to delete the infected files and restore files from backups.
But they didn’t have backups of all files. Any files that were manually scanned into the system (e.g., if a patient brought them a copy of lab work or a report) may not have been backed up.
Should FABEN have attempted to decrypt the files? Was a solution available in November? There was a free decryption tool available for some versions of GandCrab by early November, but we do not know what version this practice was hit with. Maybe there was no available tool?
Here is the full notification:
FABEN_Individual_ Notification _Letter_ (00455940-2xB33F6)_ (002)

The incident was reported to HHS as being reported to 6,092 patients.